Saturday, February 21, 2009

The booting services are proving popular with players who want a way to get revenge on those who beat them in an Xbox Live game.

The attackers are employing data flooding tools that have been used against websites for many years.

Microsoft is "investigating" the use of the tools and said those caught using them would be banned from Xbox Live.

"There's been a definite increase in the amount of people talking about and distributing these things over the last three to four weeks," said Chris Boyd, director of malware research at Facetime Communications.

Attack tool

"The smart thing about these Xbox tools is that they do not attack the Xbox Live network itself," he said.

He said the tools work by exploiting the way that the Xbox Live network is set up. Game consoles connecting to the Xbox network send data via the net, and for that it needs an IP address.

Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers.

"Instead," he said, "a lot of games on Xbox Live are hosted by players."

If hackers can discover the IP address of whoever is hosting a game they can employ many of the attacks that have been used for years against websites, said Mr Boyd.

One of the most popular for the Xbox Live specialists is the Denial of Service attack which floods an IP address with vast amounts of data.

The flood of data is generated by a group of hijacked home computers, a botnet, that have fallen under the control of a malicious hacking group.

When turned against a website this flood of traffic can overwhelm it or make it unresponsive to legitimate visitors.

When turned against an Xbox owner, it can mean they cannot connect to the Live network and effectively throws them out of the game.

"They get your IP address, put it in the booter tool and they attempt to flood the port that uses Xbox traffic," said Mr Boyd. "Flooding that port prevents any traffic getting out."

Skill set

The hard part, he said, was discovering a particular gamer's IP address but many malicious hackers had honed the skills needed to find them.

Some interconnect their PC and Xbox and use packet sniffing software to hunt through the traffic flowing in and out of the console for IP addresses.

Others simply use con tricks to get the target to reveal their net address.

The technical knowledge needed to hunt down IP addresses was quite high, said Mr Boyd, but many of those who had the skills were selling their expertise to those keen to hit back at their rivals on the Xbox Live network.

For $20 (£13) some Xbox Live hackers will remotely access a customer's PC and set up the whole system so it can be run any time they need it.

Some offer low rates to add compromised machines to a botnet and increase the amount of data flooding a particular IP address.

Defending against the attack could be tricky, said Mr Boyd: "There's no real easy solution to this one."

Although IP addresses regularly change, people could find it takes hours or days for their ISP to move them on to a new one.

In response to the rise in attacks, Microsoft said: "We are investigating reports involving the use of malicious software tools that an attacker could use to try and disrupt an Xbox LIVE player's internet connection."

It added: "This problem is not related to the Xbox Live service, but to the player's internet connection. The attacker could also attempt [to] disrupt other internet activities, such as streaming video or web browsing, using the same tools.

In its statement Microsoft warned: "This malicious activity violates the Xbox Live Terms of Use, and will result in a ban from Xbox Live and other appropriate action.

It urged anyone falling victim to such an attack to contact their ISP to report it and get help fixing it.

In January 2009 Microsoft announced that Xbox Live had more than 17m members.